Cross-site scripting request forgeries
Defenses for Web Users
One browser that has incorporated this strategy is Google Chrome. Each browser tab in Chrome is actually a separate process and not a thread running within the same context as other threads (tabs). Thus, the tabs cannot interfere with each other, rendering most CSRF attacks impotent.
- Cross-Site Request Forgery (CSRF): http://www.owasp.org/index.php/Cross-Site_Request_Forgery
- Zeller, W., and Felten, E.W. "Cross-Site Request Forgeries: Exploitation and Prevention," 2008, http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf
Buy this article as PDF
Read full article as PDF:Security_Lessons_Cross-site_Scripting_Request_Forgeries.pdf (259.83 kB)
Linux Foundation's big event celebrates the 25th anniversary of Linux
Linux has evolved from a “won’t be a professional” project to one of the most professional software projects in the history of computers.
Competitors get in the game with RHEL without Red Hat
Security researchers have already notified Microsoft; some fixes are available
The company is collaborating with Google and Intel to use Kubernetes as an engine for Fuel
Customers can take a free test drive of SLES for HPC on the Azure Cloud
San Francisco-based chip company announces their first fully open source chip platform.
The whole distro gets rebuilt on glibc 2.3
Ubuntu Vendor tries to solve app packaging and distribution problem across distributions.